Received: by minnie.vk1xwt.ampr.org with NNTP id AA740 ; Sun, 07 Feb 93 07:00:30 EST
Newsgroups: comp.unix.bsd
Path: sserve!manuel.anu.edu.au!munnari.oz.au!spool.mu.edu!uwm.edu!rpi!ghost.dsi.unimi.it!serini
From: serini@ghost.dsi.unimi.it (Piero Serini)
Subject: Re: *Big* security leak for users w/o crypt.
References: <1kmcqrINN4l@encap.hanse.de> <CGD.93Feb3180816@eden.CS.Berkeley.EDU> <CGD.93Feb4113117@eden.CS.Berkeley.EDU> <C1zMJ1.J3t@mentor.cc.purdue.edu>
Organization: Computer Science Dep. - Milan University
Date: Sat, 6 Feb 1993 11:08:34 GMT
Message-ID: <1993Feb6.110834.27698@ghost.dsi.unimi.it>
Lines: 21

rahnds@mentor.cc.purdue.edu (Dale Rahn) writes:

>Isn't it possible to set up all "secure" accounts with invalid shells.
>If the shell is unavailable the login will fail it is not possible to
>log into those accounts.

>With the default setup most accounts are set with shell /dev/null which
>fails. Some are not set this way (but should be). I do not wish to
>list them for possible security reasons. If these are fixed.
>Then it seems that that alone would give a reasonable amount of (outside)
>security from dialups, however these accounts would not be secure from
>people already logged in.

I use a DES implementation which accepts "*" as a valid character.
So, passwords are encrypted, "secure" accounts have both "**" as
password and "/dev/null" as shell. I think it's enough.

Bye
------------------------------------------ Piero Serini -----------
Computer Science Dept.          E-mail: serini@ghost.dsi.unimi.it
Univ. Statale - Milano - ITALY      or: piero@strider.st.dsi.unimi.it
--------------- PUBLIC KEY AVAILABLE VIA finger(1) ----------------
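
An added example, not part of the original post: a small audit that reports, for each passwd entry, whether the two locks discussed above (an unmatchable password field and /dev/null as shell) are both in place. It assumes traditional DES crypt(3) hashes (13 characters from ./0-9A-Za-z); the sample accounts, the hash string and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit passwd-format lines for the two account locks.
# Assumption: password hashes are traditional DES crypt(3) output,
# i.e. exactly 13 characters drawn from ./0-9A-Za-z.

NOLOGIN_SHELLS="/dev/null"   # shells that make login fail (assumed list)

# Constructed sample entries (7-field passwd layout); not from a real system.
sample_passwd() {
cat <<'EOF'
root:ab01234567890:0:0:Charlie &:/root:/bin/csh
daemon:**:1:31:The devil himself:/root:/dev/null
operator:*:2:20:System operator:/usr/opr:/bin/csh
guest::32766:31:Guest:/nonexistent:/bin/sh
EOF
}

# Reads passwd or master.passwd lines on stdin (password is field 2, the
# shell is the last field). Prints: name, password state, shell state.
audit_locks() {
    awk -F: -v nolog="$NOLOGIN_SHELLS" '
    BEGIN { n = split(nolog, s, " "); for (i = 1; i <= n; i++) dead[s[i]] = 1 }
    /^#/ || NF < 7 { next }
    {
        pw = $2; shl = $NF
        if (pw == "")
            pwstate = "EMPTY"      # no password required at all
        else if (length(pw) == 13 && pw !~ "[^./0-9A-Za-z]")
            pwstate = "hash"       # shaped like a real DES hash
        else
            pwstate = "locked"     # can never equal a DES crypt() result
        shstate = (shl in dead) ? "no-shell" : "shell"
        print $1, pwstate, shstate
    }'
}

# Names of accounts missing at least one of the two locks, for review
# against the list of accounts that are meant to allow logins.
missing_a_lock() {
    audit_locks | awk '$2 != "locked" || $3 != "no-shell" { print $1 }'
}

sample_passwd | audit_locks
```

The "locked" verdict holds only while the system's crypt() really is DES, which is the assumption the reply above states for its own setup.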